IN THE CLAIMS:
Amended claims follow: 

1. (Currently Amended) A method for managing user attributes in a
distributed computing system, wherein user attributes determine access rights to a
computer application, the method comprising:

modifying an attribute database in order to create modifications, wherein
the attribute database includes a plurality of possible user attributes and a data
structure identifying a plurality of users;

obtaining an identity certificate from a certificate authority;

associating the identity certificate with a user from the plurality of users
within the attribute database, thus creating more of the modifications;

assigning an attribute from the plurality of possible user attributes to the
user, whereby the user is granted access rights based on the attribute and the
identity certificate;

storing the attribute assigned to the user into the attribute database, thus
creating more of the modifications; and

distributing the modifications to the attribute database to a plurality of
hosts coupled together by a network;

wherein the user is granted access rights based on the attribute and the
identity certificate.

2. (Currently Amended) The method of claim 1, further comprising:

assigning a second attribute from the plurality of possible user attributes to
the user, in addition to said attribute; and

storing the second attribute assigned to the user into the attribute database,
thus creating more of the modifications.

3. (Currently Amended) The method of claim 1, further comprising
using secure communications when distributing the modifications to the
attribute database to the plurality of hosts.

4. (Currently Amended) The method of claim 1, further comprising
signing the attribute database with a cryptographic signature prior to the 
distributing to allow detection of unauthorized changes to the attribute database. 

5. (Currently Amended) The method of claim 1, wherein a host of the
plurality of hosts can distribute the modifications to the attribute database to a 
subordinate host in a tree architecture. 

6. (Currently Amended) The method of claim 1, further comprising
allowing the user to assume any attribute stored into the attribute database that is
assigned to the user during the assigning.

7. (Currently Amended) The method of claim 1, further comprising:

deleting the attribute assigned to the user from the attribute database, after
the distributing, thus creating more of the modifications; and

redistributing the modifications to the attribute database to the plurality of
hosts.

8. (Original) The method of claim 1, wherein modifying the attribute 
database includes creating the attribute database. 

Docket: NAI1P252/00. 102.01

9. (Currently Amended) A computer-readable storage medium storing
instructions that when executed by a computer cause the computer to perform a
method for managing user attributes in a distributed computing system, wherein
user attributes determine access rights to a computer application, the method
comprising:

modifying an attribute database in order to create modifications, wherein
the attribute database includes a data structure identifying a plurality of possible
user attributes and a plurality of users;

obtaining an identity certificate from a certificate authority;

associating the identity certificate with a user from the plurality of users
within the attribute database, thus creating more of the modifications;

assigning an attribute from the plurality of possible user attributes to the
user, whereby the user is granted access rights based on the attribute and the
identity certificate;

storing the attribute assigned to the user into the attribute database, thus
creating more of the modifications; and

distributing the modifications to the attribute database to a plurality of
hosts coupled together by a network;

wherein the user is granted access rights based on the attribute and the
identity certificate.

10. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising:

assigning a second attribute from the plurality of possible user attributes to
the user, in addition to said attribute; and

storing the second attribute assigned to the user into the attribute database,
thus creating more of the modifications.

11. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising using secure communications when
distributing the modifications to the attribute database to the plurality of hosts.

12. (Currently Amended) The computer-readable storage medium of 
claim 9, the method further comprising signing the attribute database with a 
cryptographic signature prior to the distributing to allow detection of unauthorized 
changes to the attribute database. 

13. (Currently Amended) The computer-readable storage medium of
claim 9, wherein a host of the plurality of hosts can distribute the modifications to 
the attribute database to a subordinate host in a tree architecture. 

14. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising allowing the user to assume any attribute
stored into the attribute database that is assigned to the user during the assigning.

15. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising:

deleting the attribute assigned to the user from the attribute database, after
the distributing, thus creating more of the modifications; and

redistributing the modifications to the attribute database to the plurality of
hosts.

16. (Original) The computer-readable storage medium of claim 9,
wherein modifying the attribute database includes creating the attribute database.

17. (Currently Amended) An apparatus that facilitates managing user
attributes in a distributed computing system, wherein user attributes determine
access rights to a computer application, the apparatus comprising:

a modifying mechanism configured to modify an attribute database in
order to create modifications, wherein the attribute database includes a data
structure identifying a plurality of possible user attributes and a plurality of users;

an identity certificate obtaining mechanism configured to obtain an
identity certificate from a certificate authority;

an associating mechanism configured to associate the identity certificate
with a user from the plurality of users within the attribute database, thus creating
more of the modifications;

an assigning mechanism configured to assign an attribute from the
plurality of possible user attributes to the user, whereby the user is granted access
rights based on the attribute and the identity certificate;

a storing mechanism configured to store the attribute assigned to the user
into the attribute database, thus creating more of the modifications; and

a distributing mechanism that is configured to distribute the modifications
to the attribute database to a plurality of hosts coupled together by a network;

wherein the user is granted access rights based on the attribute and the
identity certificate.

18. (Currently Amended) The apparatus of claim 17, further
comprising:

the assigning mechanism that is further configured to assign a second
attribute from the plurality of possible user attributes to the user, in addition to
said attribute; and

the storing mechanism that is further configured to store the second
attribute assigned to the user into the attribute database, thus creating more of the
modifications.

19. (Currently Amended) The apparatus of claim 17, further
comprising a secure communications mechanism configured to distribute the
modifications to the attribute database to the plurality of hosts, during the
distributing.

20. (Currently Amended) The apparatus of claim 17, further 
comprising a signing mechanism that is configured to sign the attribute database 
with a cryptographic signature prior to the distributing to allow detection of
unauthorized changes to the attribute database. 

21. (Currently Amended) The apparatus of claim 17, wherein the
communications mechanism associated with a host of the plurality of hosts is 
configured to distribute the modifications to the attribute database to a subordinate 
host in a tree architecture. 

22. (Currently Amended) The apparatus of claim 17, further
comprising an authorization mechanism that is configured to authorize the user to
assume any attribute stored into the attribute database that is assigned to the user
during the assigning.

23. (Currently Amended) The apparatus of claim 17, further
comprising:

a deleting mechanism that is configured to delete the attribute assigned to
the user from the attribute database, after the distributing, thus creating more of
the modifications; and

a redistributing mechanism that is configured to redistribute the 
modifications to the attribute database to the plurality of hosts. 

24. (Original) The apparatus of claim 17, wherein the modifying 
mechanism is further configured to create the attribute database.